Skip to content

[duplicate-code] Duplicate Code Pattern: DIFC LabeledResource Field Parsing in wasm_parse.go #8171

Open
Open
[duplicate-code] Duplicate Code Pattern: DIFC LabeledResource Field Parsing in wasm_parse.go#8171
Assignees
lpcoxcopilot-swe-agent
Labels
automated-analysiscode-quality

Description

@github-actions
github-actions
bot
opened on Jun 27, 2026

🔍 Duplicate Code Pattern: DIFC LabeledResource Field Parsing

Part of duplicate code analysis: #8170

Summary

Two functions in internal/guard/wasm_parse.go contain near-identical ~17-line blocks that parse description, secrecy, and integrity fields from a map[string]any into a *difc.LabeledResource. Since this code lives in the DIFC security path, a latent bug or behavioral change would need to be fixed in both places.

Duplication Details

Pattern: Repeated LabeledResource field parsing from JSON map

  • Severity: High
  • Occurrences: 2 instances
  • Locations:
    • internal/guard/wasm_parse.goparseResourceResponse (lines 384–402)
    • internal/guard/wasm_parse.goparseCollectionLabeledData (lines 437–459, inside item loop)

Instance 1 — parseResourceResponse:

if desc, ok := resourceData["description"].(string); ok {
    resource.Description = desc
}

// Parse secrecy tags
if tags := parseDIFCTagsFromAny(resourceData["secrecy"]); tags != nil {
    resource.Secrecy = *difc.NewSecrecyLabelWithTags(tags)
} else {
    resource.Secrecy = *difc.NewSecrecyLabel()
}

// Parse integrity tags
if tags := parseDIFCTagsFromAny(resourceData["integrity"]); tags != nil {
    resource.Integrity = *difc.NewIntegrityLabelWithTags(tags)
} else {
    resource.Integrity = *difc.NewIntegrityLabel()
}

Instance 2 — parseCollectionLabeledData (same logic, different source variable labelsData):

if desc, ok := labelsData["description"].(string); ok {
    labels.Description = desc
}

// Parse secrecy tags
if tags := parseDIFCTagsFromAny(labelsData["secrecy"]); tags != nil {
    labels.Secrecy = *difc.NewSecrecyLabelWithTags(tags)
} else {
    labels.Secrecy = *difc.NewSecrecyLabel()
}

// Parse integrity tags
if tags := parseDIFCTagsFromAny(labelsData["integrity"]); tags != nil {
    labels.Integrity = *difc.NewIntegrityLabelWithTags(tags)
} else {
    labels.Integrity = *difc.NewIntegrityLabel()
}

Impact Analysis

  • Maintainability: Any change to label parsing logic (e.g., adding a new field, changing default label behavior) must be applied in both functions or silently diverge
  • Bug Risk: High — this code is in the DIFC security enforcement path; a missed fix creates an inconsistency between resource-level and collection-level label application
  • Code Bloat: ~17 lines × 2 = ~34 lines that could be reduced to ~5 call-sites + ~15 line helper

Refactoring Recommendations

1. Extract fillLabeledResourceFromMap helper function

Add a private helper in wasm_parse.go (or a new wasm_labels.go):

// fillLabeledResourceFromMap populates description, secrecy, and integrity fields
// of r from the given JSON-decoded map.
func fillLabeledResourceFromMap(rawData map[string]any, r *difc.LabeledResource) {
    if desc, ok := rawData["description"].(string); ok {
        r.Description = desc
    }
    if tags := parseDIFCTagsFromAny(rawData["secrecy"]); tags != nil {
        r.Secrecy = *difc.NewSecrecyLabelWithTags(tags)
    } else {
        r.Secrecy = *difc.NewSecrecyLabel()
    }
    if tags := parseDIFCTagsFromAny(rawData["integrity"]); tags != nil {
        r.Integrity = *difc.NewIntegrityLabelWithTags(tags)
    } else {
        r.Integrity = *difc.NewIntegrityLabel()
    }
}

Both call-sites become:

// parseResourceResponse
resource := &difc.LabeledResource{}
fillLabeledResourceFromMap(resourceData, resource)

// parseCollectionLabeledData
labels := &difc.LabeledResource{}
fillLabeledResourceFromMap(labelsData, labels)

Implementation Checklist

  • Add fillLabeledResourceFromMap helper to internal/guard/wasm_parse.go
  • Replace duplicated blocks in parseResourceResponse and parseCollectionLabeledData
  • Verify tests pass (no behavior change expected)
  • Confirm the helper is tested via existing tests for both callers

Parent Issue

See parent analysis report: #8170
Related to #8170

Generated by Duplicate Code Detector · 936.3 AIC · ⊞ 35.7K ·

  • expires on Jul 4, 2026, 3:45 AM UTC

Metadata

Metadata

Assignees

Labels

automated-analysiscode-quality

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions